[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Tunneling SMB (139) through SSH



Am Tue, Sep 02, 2003 at 10:14:48AM -0400, Matthew Kopishke sagte:
> I'm not sure if this is exactly a firewall question, but this list seem 
> like the best place to ask the question.
> 
> Here's the problem, our ISP has blocked off port 139 on all the routers 
> (for security reasons) and refuses to open it back up.  We (a school 
> district) run software for our lunch program, serving line to be exact. 
>  This software has one major flaw (and a bunch of minor ones too) in 
> that it runs off an access database that the software has to accessed 
> locally, ie through a windows share.  See the problem?
> 
> The solution I came up with is to tunnel port 139 via ssh to the server 
> where the data is stored.  It works great using OpenSSH on my Mac (OS 

as a smb-client not as a proxy for windows pc's. right?

> 10.3, kind of ironic really), it seems to work fine on an XP machine, 
> but it will not work on the Windows 98 machines that I desperately need 

windows98 maybe using netbios (originaly using udp IRC) where the XP is
using "netbios over tcp". ssh can only forward tcp. So if you can't setup
98 to use tcp as well your stuck.
Use a network sniffer to find out what is in use.

> to get running.  I've uninstalled file and printer sharing, and I've 
> also tried not logging into the windows network (just windows login) 
> but when ever I go to access //127.0.0.1/<sharepoint> I get "The 
> network name cannot be found.".

this sounds like the typical M$ missleading error message.
127.0.0.1 should be localhost, even on windows.
just don't expect to see the share in "network-neighborhood".

> 
> Does anyone see any gotchyas in there?  The other thing is I have a 
> linux firewall in each building, so if some one has a better idea using 
> them I'm all ears!

install a samba-server on them and smbmount the remote site?
a proper vpn-setup would be more elegant ;)

> 
> Thanks,
> 
> Matt

gruss
pascal



Reply to: